Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Forewarned is Forearmed

by The Gurus
June 28, 2016
in This Week's Gurus

????????????????????????????????????

Share on FacebookShare on Twitter

Forewarned is Forearmed
Cyber threats are evolving, fast. From social engineering to exploring the dark web for company specific information, even placing rogue individuals into an organisation as employees, criminal gangs are embarking upon increasingly targeted attacks. The implication for organisations is serious: while the tools employed by IT teams to secure the business are increasingly sophisticated, they are also generic and simply cannot counteract the specific, increasingly intelligence led attacks now in force.
Organisations need to fight intelligence with intelligence.  Are employees trustworthy – and if so, are they switched on to the risks associated with social networks? Are potential business partners, suppliers and investors who they appear to be? Is a competitor looking to cause reputational damage? Or is a specific company weakness being discussed or traded on the dark web?
From penetration tests to demonstrate employees’ vulnerability to social engineering to dark web vulnerability reports and thorough background checks, by fusing intelligence led security measures with existing security tools and processes, organisations change the game.  As Tony Sweeney, Cyber Security Director, KCS Group Europe, explains, armed with intelligence of specific, rather than generic, threats organisations can effectively leverage security tools and skills to pre-empt an attack.
Paying the Price
When two thirds of FTSE companies admit to being hit bit by a cyber breach in the past year¹, questions must be asked as to just how well the C-suite understands the level of risk now posed by cyber security.   In a continually evolving threat landscape, the fact that half the boardrooms are not even informed when an incident occurs would suggest a worrying lack of intelligence and insight into the true threats being faced.
Given the reputation loss and financial cost associated with cyber breaches, the implication of this lack of C-level insight is serious. How many CEOs realise that cyber security now includes social engineering, with employee social network profiles routinely explored and exploited to gain access to corporate data? Or that criminal gangs increasingly employ physical activity alongside cyber techniques – from cutting fibre optic cables to using cleaners to enter a building and load malware via thumb drives? Or that criminals are using the dark web both to discover corporate information and vulnerabilities and to trade stolen data?
The truth is that the cyber threat and the cyber criminal have changed in recent years – yet few companies have evolved their strategies as required and too many are paying the price.
Personal Attacks
There is no doubt that the security tools and procedures implemented by the Information Security team to counter the cyber threat are increasingly sophisticated. The problem is that they are, by default, designed to address the generic attack; and the criminal fraternity is getting personal.  It is too easy to set up fake Facebook and LinkedIn profiles, send friend requests and gain immediate access to an employee’s connections. With information about the dog’s name, the child’s birthday and favourite football team – information used in around 90% of passwords – a hacker’s brute force password attack becomes far more effective.
The dark web can also provide extraordinary detail into an organisation’s activities, suppliers, invoices and billing types, creating the material to support highly sophisticated phishing attacks. How can a business protect itself against a spoof phishing email that appears to come from the finance team?
To combat this targeted, sophisticated threat, organisations need to get personal in return. Embracing intelligence led security in tandem with the tools and policies already in place enables a far more focused and effective response to specific cyber threats.
Employee Vulnerability
Employees are obviously a key area of vulnerability for every business and there are a number of steps that need to be embedded within core processes to minimise the cyber risk.  The primary step must be to improve the vetting of employees, including contract staff such as cleaners, to minimise the chances of rogue individuals exploiting permitted access to introduce malware that enables remote hackers to gain full access to systems.
In addition, employees need to be made far more aware of social engineering and the potential business risk. For example, using sophisticated penetration tests and ethical hacks to highlight potential areas of weakness can be extremely revealing. How many employees accept invitations from false social media profiles? How many click on phishing emails from outside the organisation; or from those spoofed to appear to come from within?
While, of course, employees are encouraged to build their business networks, many individuals will be surprised by their lack of rigour when qualifying invitations. The insight delivered by these penetration tests provides the business with a chance to specifically target employees or teams with social media training and education, raising awareness of the sensitivity of information shared and the need to be discerning about accepting connections.
Intelligence Led
In addition to improving every aspect of employee related security, organisations can also explore intelligence led security that is continually tracking activity on the dark web. Dedicated experts with access to forums can rapidly identify if an organisation is at risk of attack or discover if a breach has already occurred. For example, one company recently discovered it had been breached when it was informed that one million customer names, with email addresses, were already being traded on the dark web.
This intelligence gathering can also identify other risks – such as those companies with employees that used corporate email addresses on Ashley Madison style websites. When that site was hacked, the use of the corporate addresses not only posed a security risk but also raised serious potential concerns regarding business reputation.
Indeed, damage to reputation is one of the biggest cyber risks – from competitors defacing web sites to the loss of sensitive data or unintentional association with inappropriate business partners. And given the specific, targeted, business specific nature of these attacks, organisations clearly need to evolve beyond the current generic approach to cyber security.  A monthly vulnerability report combining dark web intelligence with assessment of the security infrastructure, including penetration testing and ethical hacks, delivers a far more intelligent and specific insight into the actual level of cyber threat for each organisation.
Conclusion
Cyber hackers no longer operate only online; they increasingly exploit ‘traditional’ criminal skills in person to bypass cyber security procedures and gain specific insight into a corporation and its employees.  And they invest huge amounts of time and resources to target specific organisations, for a range of objectives.
There is simply no way that the cyber security tools currently deployed can fight this form of targeted attack. It is only by fusing intelligence led security that delivers insight into specific risks with the right security tools and processes that organisations can start to fight back.
 
¹ http://www.computerweekly.com/news/450295785/Two-thirds-of-UK-businesses-hit-by-cyber-security-breaches-but-directors-remain-unaware

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Ukrainian bank cyber-heist: Hackers take off with $10m

Next Post

More than half of consumers believe public Wi-Fi hotspots are safe, yet hackers easily breach them

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information